// Copyright 2019 Drone.IO Inc. All rights reserved.
// Use of this source code is governed by the Drone Non-Commercial License
// that can be found in the LICENSE file.

package registry

import (
	"context"

	"github.com/drone/drone/core"
	"github.com/drone/drone/logger"
	"github.com/drone/drone/plugin/registry/auths"
)

// Static returns a new static credentials controller.
func Static(secrets []*core.Secret) core.RegistryService {
	return &staticController{secrets: secrets}
}

type staticController struct {
	secrets []*core.Secret
}

func (c *staticController) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Registry, error) {
	static := map[string]*core.Secret{}
	for _, secret := range c.secrets {
		static[secret.Name] = secret
	}

	var results []*core.Registry
	for _, name := range in.Pipeline.PullSecrets {
		logger := logger.FromContext(ctx).WithField("name", name)
		logger.Trace("registry: database: find secret")

		secret, ok := static[name]
		if !ok {
			logger.Trace("registry: database: cannot find secret")
			continue
		}

		// The secret can be restricted to non-pull request
		// events. If the secret is restricted, return
		// empty results.
		if secret.PullRequest == false &&
			in.Build.Event == core.EventPullRequest {
			logger.Trace("registry: database: pull_request access denied")
			continue
		}

		logger.Trace("registry: database: secret found")
		parsed, err := auths.ParseString(secret.Data)
		if err != nil {
			logger.WithError(err).Error("registry: database: parsing error")
			return nil, err
		}

		results = append(results, parsed...)
	}
	return results, nil
}